-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 07 Aug 2024 00:18:54 -0400 Source: chromium Architecture: source Version: 127.0.6533.99-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Closes: 1033305 Changes: chromium (127.0.6533.99-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz. - CVE-2024-7533: Use after free in Sharing. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-7550: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-7534: Heap buffer overflow in Layout. Reported by Tashita Software Security. - CVE-2024-7535: Inappropriate implementation in V8. Reported by Tashita Software Security. - CVE-2024-7536: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564). . [ Timothy Pearson ] * d/patches/ppc64le: - core/add-ppc64-architecture-to-extensions.diff: Fix runtime assertion trap on ppc64el systems . [ Daniel Richard G. ] * Enable ThinLTO (slower linking, faster runtime) on archs that can support it (closes: #1033305). * Avoid some hard-coded Debian references to simplify package builds for other distributions, e.g. Ubuntu. * d/patches: - bookworm/constexpr.patch: Add no_destroy attributes to quash many "declaration requires an exit-time destructor" warnings. - fixes/highway-include-path.patch: New patch to fix highway.h path. . [ Grzegorz Szymaszek ] * Use https instead of http in initial_bookmarks.html. Checksums-Sha1: 6c3c9b4132afe85eefbbf5ad17e6d3cd05e17a4c 3789 chromium_127.0.6533.99-1~deb12u1.dsc 6ebd03993b83045f30a7ce8f6fc91f9b25ffec97 873165572 chromium_127.0.6533.99.orig.tar.xz 1a2f68a3c3ce3542a9577d9e7c8643452433d0f2 8494232 chromium_127.0.6533.99-1~deb12u1.debian.tar.xz efa2d359e0f837c778b57f21bc9bc16f846571a7 22054 chromium_127.0.6533.99-1~deb12u1_source.buildinfo Checksums-Sha256: 1cfdcd8b1f765106b35a79ba6d115c2a721edc48b89bc1cd92cf8e61befe8048 3789 chromium_127.0.6533.99-1~deb12u1.dsc ae38ba6e6d79fa371a2d52d96671cae478f3ac5c1a1d08748f7d8fe6095afa81 873165572 chromium_127.0.6533.99.orig.tar.xz 1f2bb0953915857e3a93788d4d547eb07c3f4e7163a51d11abe745b4a506daf1 8494232 chromium_127.0.6533.99-1~deb12u1.debian.tar.xz c1b83e0ec8fc431321c1b25bb780bdc34e3a5f1c42055e9343531c439adc2c94 22054 chromium_127.0.6533.99-1~deb12u1_source.buildinfo Files: bab3196268206d867ae855f3dc98373c 3789 web optional chromium_127.0.6533.99-1~deb12u1.dsc d91f051b9e54c13f1c352be7da2d594e 873165572 web optional chromium_127.0.6533.99.orig.tar.xz 0fc4bd47b1a50370a6ae93457934dc87 8494232 web optional chromium_127.0.6533.99-1~deb12u1.debian.tar.xz 4b9e916cbfce84938a4bc872bcac2c76 22054 web optional chromium_127.0.6533.99-1~deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmazrpIUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjdRKBAAmIfLrw0uKx9Rw/s3qOjV9bvgOsR6 J6X9N0Cy+pfBJMLh8xSifte3Nrr0RUOrEq2im5sDpp41weV8PX6PL0SI6jaXwwt/ UQS4cmoww98DRUE72ZJTjaPUIkrvsBgSZ6FT6SCJHExAH2aJ7TSYEAhEdJ678oid 4PyQ1t59DesRjAaW5ZyPN3COSdjgoX4pddMX3o+357BGJ3h/7qXA1fk7MnfmH5gc 550ZUaUv8ci9X+2fp1PtVHlfA+yM1xuodIcSRDTzTrjFvinkRq/ARVqC0+i4RHUI 62vb0mUybYD1mA+kVEoqnLRhtrGF5tRuBopwPCi87nXZYl1qXCTFvQQnH7loZYZj h7TdRd6ZXa8ma51VyyQkKWR6qApnmJSbVIsW1nM+AmF30lqx/HJifdRZsjFBDhEl jQTZOZ+VLLtkJBuGyj03wpBToUYT4Rt4K+Qw1wRoQpBs+1eInSFswYtbi0lfvUee 328mZJUOS4awczP7QaIv9dBcyA05YXNubpG7wbFv34OCdtMjU0NLhmnGp1REokx/ UWeTYHRMcsRGGRsoXQ9AYUizkjjTKo0xUGmQk7Y/qNF3Oz2pHM4AoM+bElngS2eH 3+NElp+d6si900Y+73vzAejqbYrVXMnjVny55Dwjs9lzSXw2Veo2Vo8Qu/bsR8ap FVFR0sT3w1O/bZE= =m5bL -----END PGP SIGNATURE-----
